Return-Path: X-Original-To: apmail-couchdb-user-archive@www.apache.org Delivered-To: apmail-couchdb-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id AE7369D8D for ; Mon, 13 Feb 2012 08:52:38 +0000 (UTC) Received: (qmail 80235 invoked by uid 500); 13 Feb 2012 08:52:36 -0000 Delivered-To: apmail-couchdb-user-archive@couchdb.apache.org Received: (qmail 79820 invoked by uid 500); 13 Feb 2012 08:52:25 -0000 Mailing-List: contact user-help@couchdb.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@couchdb.apache.org Delivered-To: mailing list user@couchdb.apache.org Received: (qmail 79808 invoked by uid 99); 13 Feb 2012 08:52:20 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2012 08:52:20 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS,WEIRD_PORT X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: domain of martinh@gmail.com designates 209.85.160.52 as permitted sender) Received: from [209.85.160.52] (HELO mail-pw0-f52.google.com) (209.85.160.52) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2012 08:52:12 +0000 Received: by pbbjt11 with SMTP id jt11so5998121pbb.11 for ; Mon, 13 Feb 2012 00:51:52 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; bh=O1rP92h/LKfiUdqB6SfUwLNBhrEdo6t5ynolWGUi1EY=; b=MEqu7DSmoZxlPbzAT6uuBF8EZqavpTbuqxk7ZB5xz4YX0vS5Mjkiyo7PPMN5xX+Qhr vyEpfr3G3omxd5t3cKiO6n6tAHRqAJtWLvh8WFyaEj+2fbxy1NOz+7rOpD4vcZ1d2FnX 0SmDQ2G9lWUY2OvN3XMmIA4tSrJ1EIJNO2c/k= MIME-Version: 1.0 Received: by 10.68.238.168 with SMTP id vl8mr17325725pbc.67.1329123112635; Mon, 13 Feb 2012 00:51:52 -0800 (PST) Sender: martinh@gmail.com Received: by 10.68.41.7 with HTTP; Mon, 13 Feb 2012 00:51:52 -0800 (PST) In-Reply-To: <814B6F9C-C04D-4D2E-AFAA-81E6FC822EA4@gmx.net> References: <814B6F9C-C04D-4D2E-AFAA-81E6FC822EA4@gmx.net> Date: Mon, 13 Feb 2012 08:51:52 +0000 X-Google-Sender-Auth: NLFkSqV9Q6FZ0UJoFpNVGg8E2bc Message-ID: Subject: Re: OAuth request_token From: Martin Higham To: user@couchdb.apache.org Content-Type: multipart/alternative; boundary=047d7b33d19cfdcd0404b8d49636 --047d7b33d19cfdcd0404b8d49636 Content-Type: text/plain; charset=ISO-8859-1 CouchDB supports authorisation via OAuth signed requests but does not yet support full, 3-legged OAuth. In order to sign the request you will either have to hard code the OAuth token/secret into the client or find some other way to securely extract them. On 11 February 2012 12:37, Stephan Uhle wrote: > Hey everybody, > > I'm trying to understand (and use) OAuth authentication with couchdb. The > documentation on this is missing... :( > Using google and the couchdb sources, I found out, that the couchdb oauth > authentication urls are: > > _oauth/request_token > _oauth/authorize > _oauth/access_token > > I have configured an oauth consumer and token like this: > > [oauth_consumer_secrets] > localhost = sekr1t > [oauth_token_secrets] > user1 = step > [oauth_token_users] > user1 = step > > So now, I want to obtain a request token by calling the > _oauth/request_token url: > > curl --header 'Authorization:OAuth > realm="",oauth_consumer_key="localhost",oauth_token="user1",oauth_version="1.0",oauth_timestamp="1328962239",oauth_nonce="J0S4c1",oauth_signature_method="HMAC-SHA1",oauth_signature="2Y9kL3K9Y9aRDD3MgLlNe3g4Q94%3D"' > http://localhost:5984/_oauth/request_token > > the response is: > > oauth_token=requestkey&oauth_token_secret=requestsecret > > Obviously, the request token is not being generated. > Does this mean, the oauth authentication is not yet (fully) implemented? > Or am I missing something important? > > Thanks, > Stephan --047d7b33d19cfdcd0404b8d49636--